CVE-2006-5031
The CVE-2006-5031 vulnerability affects CakePHP before version 1.1.8.3544, in the file app/webroot/js/vendors.php. The issue is a directory traversal in the file parameter, where an attacker can supply a .. sequence followed by a filename ending with %00 and a .js filename, enabling reading of arb...
CVE-2006-5031
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename...
PT-2006-5772 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 1.1.8.3544 Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with %00 and a .js filename. This is a directory traversal...
CakePHP vendors.php file Parameter Traversal Arbitrary File Access
The remote host is running CakePHP, an open source rapid development framework for PHP. The version of CakePHP on the remote host allows directory traversal sequences in the 'file' parameter of the 'js/vendors.php' script. An unauthenticated attacker may be able to leverage this flaw to view...
[SA22040] CakePHP "file" Parameter Disclosure of Sensitive Information
TITLE: CakePHP "file" Parameter Disclosure of Sensitive Information SECUNIA ADVISORY ID: SA22040 VERIFY ADVISORY: http://secunia.com/advisories/22040/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CakePHP 1.x http://secunia.com/product/11247/...
CakePHP 1.1.7.3363 - Vendors.php Directory Traversal
source: https://www.securityfocus.com/bid/20150/info CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from...
CakePHP 1.1.7.3363 - 'Vendors.php' Directory Traversal
source: https://www.securityfocus.com/bid/20150/info CakePHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected...
CVE-2006-4067
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...
DEBIAN-CVE-2006-4067
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...
CVE-2006-4067
The CVE-2006-4067 issue affects CakePHP, specifically the cake/libs/error.php component, where an XSS vulnerability allows an attacker to inject arbitrary script/HTML via the URL. The problem is reflected in a 404 page and arises in CakePHP before version 1.1.7.3363. Connected advisories corrobor...
PT-2006-4911 · Cakephp · Cakephp
Name of the Vulnerable Software and Affected Versions: CakePHP versions prior to 1.1.7.3363 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. This occurs due to a...
[SA21383] CakePHP error.php Cross-Site Scripting Vulnerability
TITLE: CakePHP error.php Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA21383 VERIFY ADVISORY: http://secunia.com/advisories/21383/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CakePHP 1.x http://secunia.com/product/11247/ DESCRIPTION: A vulnerabili...